kore

Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

kore.h (32317B)


      1 /*
      2  * Copyright (c) 2013-2022 Joris Vink <joris@coders.se>
      3  *
      4  * Permission to use, copy, modify, and distribute this software for any
      5  * purpose with or without fee is hereby granted, provided that the above
      6  * copyright notice and this permission notice appear in all copies.
      7  *
      8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
      9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
     10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
     11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
     12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
     13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
     14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
     15  */
     16 
     17 #ifndef __H_KORE_H
     18 #define __H_KORE_H
     19 
     20 #if defined(__APPLE__)
     21 #define daemon portability_is_king
     22 #endif
     23 
     24 #include <sys/param.h>
     25 #include <sys/types.h>
     26 #include <sys/time.h>
     27 #include <sys/queue.h>
     28 #include <sys/stat.h>
     29 #include <sys/un.h>
     30 
     31 #include <netinet/in.h>
     32 #include <arpa/inet.h>
     33 
     34 #include <errno.h>
     35 #include <regex.h>
     36 #include <stdarg.h>
     37 #include <stdlib.h>
     38 #include <stdio.h>
     39 #include <signal.h>
     40 #include <string.h>
     41 #include <syslog.h>
     42 #include <unistd.h>
     43 #include <stdarg.h>
     44 
     45 #if defined(__cplusplus)
     46 extern "C" {
     47 #endif
     48 
     49 #if defined(__APPLE__)
     50 #undef daemon
     51 extern int daemon(int, int);
     52 #define st_mtim		st_mtimespec
     53 #endif
     54 
     55 #if !defined(KORE_NO_SENDFILE)
     56 #if defined(__MACH__) || defined(__FreeBSD_version) || defined(__linux__)
     57 #define KORE_USE_PLATFORM_SENDFILE	1
     58 #endif
     59 #endif
     60 
     61 #if defined(__OpenBSD__)
     62 #define KORE_USE_PLATFORM_PLEDGE	1
     63 #endif
     64 
     65 #if defined(TLS_BACKEND_OPENSSL)
     66 #include <openssl/x509.h>
     67 #include <openssl/ssl.h>
     68 typedef X509		KORE_X509;
     69 typedef SSL		KORE_TLS;
     70 typedef SSL_CTX		KORE_TLS_CTX;
     71 typedef X509_NAME	KORE_X509_NAMES;
     72 typedef EVP_PKEY	KORE_PRIVATE_KEY;
     73 #else
     74 typedef void		KORE_X509;
     75 typedef void		KORE_TLS;
     76 typedef void		KORE_TLS_CTX;
     77 typedef void		KORE_X509_NAMES;
     78 typedef void		KORE_PRIVATE_KEY;
     79 #endif
     80 
     81 #define KORE_RSAKEY_BITS	4096
     82 
     83 /* Kore quit reasons. */
     84 #define KORE_QUIT_NONE		-1
     85 #define KORE_QUIT_NORMAL	0
     86 #define KORE_QUIT_FATAL		1
     87 
     88 #define KORE_RESULT_ERROR	0
     89 #define KORE_RESULT_OK		1
     90 #define KORE_RESULT_RETRY	2
     91 
     92 #define KORE_TLS_VERSION_1_3	0
     93 #define KORE_TLS_VERSION_1_2	1
     94 #define KORE_TLS_VERSION_BOTH	2
     95 
     96 #define KORE_BASE64_RAW		0x0001
     97 
     98 #define KORE_WAIT_INFINITE	(u_int64_t)-1
     99 #define KORE_RESEED_TIME	(1800 * 1000)
    100 
    101 #define errno_s			strerror(errno)
    102 #define ssl_errno_s		ERR_error_string(ERR_get_error(), NULL)
    103 #define KORE_DOMAINNAME_LEN		255
    104 #define KORE_PIDFILE_DEFAULT		"kore.pid"
    105 #define KORE_DHPARAM_PATH		PREFIX "/share/kore/ffdhe4096.pem"
    106 #define KORE_DEFAULT_CIPHER_LIST	"AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256"
    107 
    108 #define NETBUF_RECV			0
    109 #define NETBUF_SEND			1
    110 #define NETBUF_SEND_PAYLOAD_MAX		8192
    111 #define SENDFILE_PAYLOAD_MAX		(1024 * 1024 * 10)
    112 
    113 #define NETBUF_LAST_CHAIN		0
    114 #define NETBUF_BEFORE_CHAIN		1
    115 
    116 #define NETBUF_CALL_CB_ALWAYS	0x01
    117 #define NETBUF_FORCE_REMOVE	0x02
    118 #define NETBUF_MUST_RESEND	0x04
    119 #define NETBUF_IS_STREAM	0x10
    120 #define NETBUF_IS_FILEREF	0x20
    121 
    122 #define KORE_X509_COMMON_NAME_ONLY	0x0001
    123 
    124 #define KORE_PEM_CERT_CHAIN	1
    125 #define KORE_DER_CERT_DATA	2
    126 
    127 /* XXX hackish. */
    128 #if !defined(KORE_NO_HTTP)
    129 struct http_request;
    130 struct http_redirect;
    131 #endif
    132 
    133 #define KORE_FILEREF_SOFT_REMOVED	0x1000
    134 
    135 struct kore_fileref {
    136 	int				cnt;
    137 	int				flags;
    138 	int				ontls;
    139 	off_t				size;
    140 	char				*path;
    141 	u_int64_t			mtime;
    142 	time_t				mtime_sec;
    143 	u_int64_t			expiration;
    144 	void				*base;
    145 	int				fd;
    146 	TAILQ_ENTRY(kore_fileref)	list;
    147 };
    148 
    149 struct netbuf {
    150 	u_int8_t		*buf;
    151 	size_t			s_off;
    152 	size_t			b_len;
    153 	size_t			m_len;
    154 	u_int8_t		type;
    155 	u_int8_t		flags;
    156 
    157 	struct kore_fileref	*file_ref;
    158 	off_t			fd_off;
    159 	off_t			fd_len;
    160 
    161 	struct connection	*owner;
    162 	void			*extra;
    163 	int			(*cb)(struct netbuf *);
    164 
    165 	TAILQ_ENTRY(netbuf)	list;
    166 };
    167 
    168 TAILQ_HEAD(netbuf_head, netbuf);
    169 
    170 #define KORE_TYPE_LISTENER	1
    171 #define KORE_TYPE_CONNECTION	2
    172 #define KORE_TYPE_PGSQL_CONN	3
    173 #define KORE_TYPE_TASK		4
    174 #define KORE_TYPE_PYSOCKET	5
    175 #define KORE_TYPE_CURL_HANDLE	6
    176 
    177 #define CONN_STATE_UNKNOWN		0
    178 #define CONN_STATE_TLS_SHAKE		1
    179 #define CONN_STATE_ESTABLISHED		2
    180 #define CONN_STATE_DISCONNECTING	3
    181 
    182 #define CONN_PROTO_UNKNOWN	0
    183 #define CONN_PROTO_HTTP		1
    184 #define CONN_PROTO_WEBSOCKET	2
    185 #define CONN_PROTO_MSG		3
    186 #define CONN_PROTO_ACME_ALPN	200
    187 
    188 #define KORE_EVENT_READ		0x01
    189 #define KORE_EVENT_WRITE	0x02
    190 #define KORE_EVENT_ERROR	0x04
    191 
    192 #define CONN_IDLE_TIMER_ACT	0x0001
    193 #define CONN_CLOSE_EMPTY	0x0002
    194 #define CONN_WS_CLOSE_SENT	0x0004
    195 #define CONN_IS_BUSY		0x0008
    196 #define CONN_LOG_TLS_FAILURE	0x0020
    197 #define CONN_TLS_ALPN_ACME_SEEN	0x0040
    198 #define CONN_TLS_SNI_SEEN	0x0080
    199 
    200 #define KORE_IDLE_TIMER_MAX	5000
    201 
    202 #define WEBSOCKET_OP_CONT	0x00
    203 #define WEBSOCKET_OP_TEXT	0x01
    204 #define WEBSOCKET_OP_BINARY	0x02
    205 #define WEBSOCKET_OP_CLOSE	0x08
    206 #define WEBSOCKET_OP_PING	0x09
    207 #define WEBSOCKET_OP_PONG	0x0a
    208 
    209 #define WEBSOCKET_BROADCAST_LOCAL	1
    210 #define WEBSOCKET_BROADCAST_GLOBAL	2
    211 
    212 #define KORE_TIMER_ONESHOT	0x01
    213 #define KORE_TIMER_FLAGS	(KORE_TIMER_ONESHOT)
    214 
    215 #define KORE_CONNECTION_PRUNE_DISCONNECT	0
    216 #define KORE_CONNECTION_PRUNE_ALL		1
    217 
    218 struct kore_event {
    219 	int		type;
    220 	int		flags;
    221 	void		(*handle)(void *, int);
    222 } __attribute__((packed));
    223 
    224 struct connection {
    225 	struct kore_event	evt;
    226 	int			fd;
    227 	u_int8_t		state;
    228 	u_int8_t		proto;
    229 	struct listener		*owner;
    230 	KORE_TLS		*tls;
    231 	KORE_X509		*tls_cert;
    232 	char			*tls_sni;
    233 	int			tls_reneg;
    234 
    235 	u_int16_t		flags;
    236 	void			*hdlr_extra;
    237 
    238 	int			(*handle)(struct connection *);
    239 	void			(*disconnect)(struct connection *);
    240 	int			(*read)(struct connection *, size_t *);
    241 	int			(*write)(struct connection *, size_t, size_t *);
    242 
    243 	int			family;
    244 	union {
    245 		struct sockaddr_in	ipv4;
    246 		struct sockaddr_in6	ipv6;
    247 		struct sockaddr_un	sun;
    248 	} addr;
    249 
    250 	struct {
    251 		u_int64_t	length;
    252 		u_int64_t	start;
    253 	} idle_timer;
    254 
    255 	struct netbuf_head	send_queue;
    256 	struct netbuf		*snb;
    257 	struct netbuf		*rnb;
    258 
    259 #if !defined(KORE_NO_HTTP)
    260 	u_int64_t			http_start;
    261 	u_int64_t			http_timeout;
    262 	struct kore_runtime_call	*ws_connect;
    263 	struct kore_runtime_call	*ws_message;
    264 	struct kore_runtime_call	*ws_disconnect;
    265 	TAILQ_HEAD(, http_request)	http_requests;
    266 #endif
    267 
    268 	TAILQ_ENTRY(connection)	list;
    269 };
    270 
    271 TAILQ_HEAD(connection_list, connection);
    272 extern struct connection_list	connections;
    273 extern struct connection_list	disconnected;
    274 
    275 #define KORE_RUNTIME_NATIVE	0
    276 #define KORE_RUNTIME_PYTHON	1
    277 #define KORE_RUNTIME_LUA	2
    278 
    279 struct kore_runtime {
    280 	int	type;
    281 	int	(*resolve)(const char *, const struct stat *);
    282 #if !defined(KORE_NO_HTTP)
    283 	int	(*http_request)(void *, struct http_request *);
    284 	void	(*http_request_free)(void *, struct http_request *);
    285 	void	(*http_body_chunk)(void *,
    286 		    struct http_request *, const void *, size_t);
    287 	int	(*validator)(void *, struct http_request *, const void *);
    288 	void	(*wsconnect)(void *, struct connection *);
    289 	void	(*wsdisconnect)(void *, struct connection *);
    290 	void	(*wsmessage)(void *, struct connection *,
    291 		    u_int8_t, const void *, size_t);
    292 #endif
    293 	void	(*execute)(void *);
    294 	int	(*onload)(void *, int);
    295 	void	(*signal)(void *, int);
    296 	void	(*connect)(void *, struct connection *);
    297 	void	(*configure)(void *, int, char **);
    298 };
    299 
    300 struct kore_runtime_call {
    301 	void			*addr;
    302 	struct kore_runtime	*runtime;
    303 };
    304 
    305 #if !defined(KORE_NO_HTTP)
    306 
    307 struct kore_route_params {
    308 	char			*name;
    309 	int			flags;
    310 	u_int8_t		method;
    311 	struct kore_validator	*validator;
    312 
    313 	TAILQ_ENTRY(kore_route_params)	list;
    314 };
    315 
    316 struct kore_route {
    317 	char					*path;
    318 	char					*func;
    319 	int					type;
    320 	int					errors;
    321 	int					methods;
    322 	regex_t					rctx;
    323 	struct kore_domain			*dom;
    324 	struct kore_auth			*auth;
    325 	struct kore_runtime_call		*rcall;
    326 	struct kore_runtime_call		*on_free;
    327 	struct kore_runtime_call		*on_headers;
    328 	struct kore_runtime_call		*on_body_chunk;
    329 
    330 	TAILQ_HEAD(, kore_route_params)		params;
    331 	TAILQ_ENTRY(kore_route)			list;
    332 };
    333 
    334 #endif
    335 
    336 struct kore_domain {
    337 	u_int16_t				id;
    338 	int					logerr;
    339 	u_int64_t				logwarn;
    340 	int					accesslog;
    341 
    342 	char					*domain;
    343 	struct kore_buf				*logbuf;
    344 	struct kore_server			*server;
    345 
    346 #if defined(KORE_USE_ACME)
    347 	int					acme;
    348 	int					acme_challenge;
    349 	void					*acme_cert;
    350 	size_t					acme_cert_len;
    351 #endif
    352 	char					*cafile;
    353 	char					*crlfile;
    354 	char					*certfile;
    355 	char					*certkey;
    356 	KORE_TLS_CTX				*tls_ctx;
    357 	int					x509_verify_depth;
    358 #if !defined(KORE_NO_HTTP)
    359 	TAILQ_HEAD(, kore_route)		routes;
    360 	TAILQ_HEAD(, http_redirect)		redirects;
    361 #endif
    362 	TAILQ_ENTRY(kore_domain)		list;
    363 };
    364 
    365 TAILQ_HEAD(kore_domain_h, kore_domain);
    366 
    367 extern struct kore_runtime	kore_native_runtime;
    368 
    369 struct listener {
    370 	struct kore_event		evt;
    371 	int				fd;
    372 	int				family;
    373 	char				*port;
    374 	char				*host;
    375 	struct kore_server		*server;
    376 	struct kore_runtime_call	*connect;
    377 
    378 	LIST_ENTRY(listener)		list;
    379 };
    380 
    381 struct kore_server {
    382 	int				tls;
    383 	char				*name;
    384 	struct kore_domain_h		domains;
    385 	LIST_HEAD(, listener)		listeners;
    386 	LIST_ENTRY(kore_server)		list;
    387 };
    388 
    389 LIST_HEAD(kore_server_list, kore_server);
    390 
    391 #if !defined(KORE_NO_HTTP)
    392 
    393 #define KORE_PARAMS_QUERY_STRING	0x0001
    394 
    395 #define KORE_AUTH_TYPE_COOKIE		1
    396 #define KORE_AUTH_TYPE_HEADER		2
    397 #define KORE_AUTH_TYPE_REQUEST		3
    398 
    399 struct kore_auth {
    400 	u_int8_t		type;
    401 	char			*name;
    402 	char			*value;
    403 	char			*redirect;
    404 	struct kore_validator	*validator;
    405 
    406 	TAILQ_ENTRY(kore_auth)	list;
    407 };
    408 
    409 #define HANDLER_TYPE_STATIC	1
    410 #define HANDLER_TYPE_DYNAMIC	2
    411 
    412 #endif /* !KORE_NO_HTTP */
    413 
    414 #define KORE_MODULE_LOAD	1
    415 #define KORE_MODULE_UNLOAD	2
    416 
    417 #define KORE_MODULE_NATIVE	KORE_RUNTIME_NATIVE
    418 #define KORE_MODULE_PYTHON	KORE_RUNTIME_PYTHON
    419 #define KORE_MODULE_LUA		KORE_RUNTIME_LUA
    420 
    421 struct kore_module;
    422 
    423 struct kore_module_functions {
    424 	void			(*free)(struct kore_module *);
    425 	void			(*reload)(struct kore_module *);
    426 	int			(*callback)(struct kore_module *, int);
    427 	void			(*load)(struct kore_module *);
    428 	void			*(*getsym)(struct kore_module *, const char *);
    429 };
    430 
    431 struct kore_module {
    432 	void				*handle;
    433 	char				*path;
    434 	char				*onload;
    435 	int				type;
    436 	struct kore_runtime_call	*ocb;
    437 
    438 	struct kore_module_functions	*fun;
    439 	struct kore_runtime		*runtime;
    440 
    441 	TAILQ_ENTRY(kore_module)	list;
    442 };
    443 
    444 /*
    445  * The workers get a 128KB log buffer per worker, and parent will fetch their
    446  * logs when it reached at least 75% of that or if its been > 1 second since
    447  * it was last synced.
    448  */
    449 #define KORE_ACCESSLOG_BUFLEN		131072U
    450 #define KORE_ACCESSLOG_SYNC		98304U
    451 
    452 struct kore_alog_header {
    453 	u_int16_t		domain;
    454 	u_int16_t		loglen;
    455 } __attribute__((packed));
    456 
    457 struct kore_privsep {
    458 	char		*root;
    459 	char		*runas;
    460 	int		skip_runas;
    461 	int		skip_chroot;
    462 };
    463 
    464 struct kore_worker {
    465 	u_int16_t			id;
    466 	u_int16_t			cpu;
    467 	int				ready;
    468 	int				running;
    469 #if defined(__linux__)
    470 	int				tracing;
    471 #endif
    472 	pid_t				pid;
    473 	int				pipe[2];
    474 	struct connection		*msg[2];
    475 	u_int8_t			has_lock;
    476 	int				restarted;
    477 	u_int64_t			time_locked;
    478 	struct kore_route		*active_route;
    479 	struct kore_privsep		*ps;
    480 
    481 	/* Used by the workers to store accesslogs. */
    482 	struct {
    483 		int			lock;
    484 		size_t			offset;
    485 		char			buf[KORE_ACCESSLOG_BUFLEN];
    486 	} lb;
    487 };
    488 
    489 #if !defined(KORE_NO_HTTP)
    490 
    491 #define KORE_VALIDATOR_TYPE_REGEX	1
    492 #define KORE_VALIDATOR_TYPE_FUNCTION	2
    493 
    494 struct kore_validator {
    495 	u_int8_t			type;
    496 	char				*name;
    497 	char				*arg;
    498 	regex_t				rctx;
    499 	struct kore_runtime_call	*rcall;
    500 
    501 	TAILQ_ENTRY(kore_validator)	list;
    502 };
    503 #endif /* !KORE_NO_HTTP */
    504 
    505 #define KORE_BUF_OWNER_API	0x0001
    506 
    507 struct kore_buf {
    508 	u_int8_t		*data;
    509 	int			flags;
    510 	size_t			length;
    511 	size_t			offset;
    512 };
    513 
    514 #define KORE_JSON_TYPE_OBJECT		0x0001
    515 #define KORE_JSON_TYPE_ARRAY		0x0002
    516 #define KORE_JSON_TYPE_STRING		0x0004
    517 #define KORE_JSON_TYPE_NUMBER		0x0008
    518 #define KORE_JSON_TYPE_LITERAL		0x0010
    519 #define KORE_JSON_TYPE_INTEGER		0x0020
    520 #define KORE_JSON_TYPE_INTEGER_U64	0x0040
    521 
    522 #define KORE_JSON_FALSE			0
    523 #define KORE_JSON_TRUE			1
    524 #define KORE_JSON_NULL			2
    525 
    526 #define KORE_JSON_DEPTH_MAX		10
    527 
    528 #define KORE_JSON_ERR_NONE		0
    529 #define KORE_JSON_ERR_INVALID_OBJECT	1
    530 #define KORE_JSON_ERR_INVALID_ARRAY	2
    531 #define KORE_JSON_ERR_INVALID_STRING	3
    532 #define KORE_JSON_ERR_INVALID_NUMBER	4
    533 #define KORE_JSON_ERR_INVALID_LITERAL	5
    534 #define KORE_JSON_ERR_DEPTH		6
    535 #define KORE_JSON_ERR_EOF		7
    536 #define KORE_JSON_ERR_INVALID_JSON	8
    537 #define KORE_JSON_ERR_INVALID_SEARCH	9
    538 #define KORE_JSON_ERR_NOT_FOUND		10
    539 #define KORE_JSON_ERR_TYPE_MISMATCH	11
    540 #define KORE_JSON_ERR_LAST		KORE_JSON_ERR_TYPE_MISMATCH
    541 
    542 #define kore_json_find_object(j, p)		\
    543     kore_json_find(j, p, KORE_JSON_TYPE_OBJECT)
    544 
    545 #define kore_json_find_array(j, p)		\
    546     kore_json_find(j, p, KORE_JSON_TYPE_ARRAY)
    547 
    548 #define kore_json_find_string(j, p)		\
    549     kore_json_find(j, p, KORE_JSON_TYPE_STRING)
    550 
    551 #define kore_json_find_number(j, p)		\
    552     kore_json_find(j, p, KORE_JSON_TYPE_NUMBER)
    553 
    554 #define kore_json_find_integer(j, p)		\
    555     kore_json_find(j, p, KORE_JSON_TYPE_INTEGER)
    556 
    557 #define kore_json_find_integer_u64(j, p)	\
    558     kore_json_find(j, p, KORE_JSON_TYPE_INTEGER_U64)
    559 
    560 #define kore_json_find_literal(j, p)		\
    561     kore_json_find(j, p, KORE_JSON_TYPE_LITERAL)
    562 
    563 #define kore_json_create_object(o, n)				\
    564     kore_json_create_item(o, n, KORE_JSON_TYPE_OBJECT)
    565 
    566 #define kore_json_create_array(o, n)				\
    567     kore_json_create_item(o, n, KORE_JSON_TYPE_ARRAY)
    568 
    569 #define kore_json_create_string(o, n, v)			\
    570     kore_json_create_item(o, n, KORE_JSON_TYPE_STRING, v)
    571 
    572 #define kore_json_create_number(o, n, v)			\
    573     kore_json_create_item(o, n, KORE_JSON_TYPE_NUMBER, (double)v)
    574 
    575 #define kore_json_create_integer(o, n, v)			\
    576     kore_json_create_item(o, n, KORE_JSON_TYPE_INTEGER, (int64_t)v)
    577 
    578 #define kore_json_create_integer_u64(o, n, v)			\
    579     kore_json_create_item(o, n, KORE_JSON_TYPE_INTEGER_U64, (u_int64_t)v)
    580 
    581 #define kore_json_create_literal(o, n, v)			\
    582     kore_json_create_item(o, n, KORE_JSON_TYPE_LITERAL, v)
    583 
    584 struct kore_json {
    585 	const u_int8_t			*data;
    586 	int				depth;
    587 	size_t				length;
    588 	size_t				offset;
    589 
    590 	struct kore_buf			tmpbuf;
    591 	struct kore_json_item		*root;
    592 };
    593 
    594 struct kore_json_item {
    595 	u_int32_t			type;
    596 	char				*name;
    597 	struct kore_json_item		*parent;
    598 
    599 	union {
    600 		TAILQ_HEAD(, kore_json_item)	items;
    601 		char				*string;
    602 		double				number;
    603 		int				literal;
    604 		int64_t				integer;
    605 		u_int64_t			u64;
    606 	} data;
    607 
    608 	int	(*parse)(struct kore_json *,
    609 		    struct kore_json_item *);
    610 
    611 	TAILQ_ENTRY(kore_json_item)	list;
    612 };
    613 
    614 struct kore_pool_entry {
    615 	u_int8_t			state;
    616 	void				*uptr;
    617 	void				*canary;
    618 	struct kore_pool_entry		*nextfree;
    619 };
    620 
    621 struct kore_pool {
    622 	size_t			memsz;
    623 	size_t			growth;
    624 	size_t			pagesz;
    625 	size_t			elmlen;
    626 	size_t			uselen;
    627 	u_int64_t		canary;
    628 	volatile int		lock;
    629 	char			*name;
    630 
    631 	struct kore_pool_entry	*freelist;
    632 };
    633 
    634 struct kore_timer {
    635 	u_int64_t	nextrun;
    636 	u_int64_t	interval;
    637 	int		flags;
    638 	void		*arg;
    639 	void		(*cb)(void *, u_int64_t);
    640 
    641 	TAILQ_ENTRY(kore_timer)	list;
    642 };
    643 
    644 /*
    645  * Keymgr process is worker index 0, but id 2000.
    646  * Acme process is worker index 1, but id 2001.
    647  */
    648 #define KORE_WORKER_KEYMGR_IDX		0
    649 #define KORE_WORKER_ACME_IDX		1
    650 #define KORE_WORKER_BASE		2
    651 #define KORE_WORKER_KEYMGR		2000
    652 #define KORE_WORKER_ACME		2001
    653 #define KORE_WORKER_MAX			UCHAR_MAX
    654 
    655 #define KORE_WORKER_POLICY_RESTART	1
    656 #define KORE_WORKER_POLICY_TERMINATE	2
    657 
    658 /* Reserved message ids, registered on workers. */
    659 #define KORE_MSG_WEBSOCKET		1
    660 #define KORE_MSG_KEYMGR_REQ		2
    661 #define KORE_MSG_KEYMGR_RESP		3
    662 #define KORE_MSG_SHUTDOWN		4
    663 #define KORE_MSG_ENTROPY_REQ		5
    664 #define KORE_MSG_ENTROPY_RESP		6
    665 #define KORE_MSG_CERTIFICATE		7
    666 #define KORE_MSG_CERTIFICATE_REQ	8
    667 #define KORE_MSG_CRL			9
    668 #define KORE_MSG_ACCEPT_AVAILABLE	10
    669 #define KORE_PYTHON_SEND_OBJ		11
    670 #define KORE_MSG_WORKER_LOG		12
    671 #define KORE_MSG_FATALX			13
    672 #define KORE_MSG_ACME_BASE		100
    673 
    674 /* messages for applications should start at 201. */
    675 #define KORE_MSG_APP_BASE		200
    676 
    677 /* Predefined message targets. */
    678 #define KORE_MSG_PARENT		1000
    679 #define KORE_MSG_WORKER_ALL	1001
    680 
    681 struct kore_msg {
    682 	u_int8_t	id;
    683 	u_int16_t	src;
    684 	u_int16_t	dst;
    685 	size_t		length;
    686 };
    687 
    688 struct kore_keyreq {
    689 	int		padding;
    690 	char		domain[KORE_DOMAINNAME_LEN + 1];
    691 	size_t		data_len;
    692 	u_int8_t	data[];
    693 };
    694 
    695 struct kore_x509_msg {
    696 	char		domain[KORE_DOMAINNAME_LEN + 1];
    697 	size_t		data_len;
    698 	u_int8_t	data[];
    699 };
    700 
    701 #if !defined(KORE_SINGLE_BINARY)
    702 extern char	*config_file;
    703 #endif
    704 
    705 extern pid_t	kore_pid;
    706 extern int	kore_quit;
    707 extern int	kore_quiet;
    708 extern int	skip_chroot;
    709 extern int	skip_runas;
    710 extern int	kore_mem_guard;
    711 extern int	kore_foreground;
    712 
    713 extern char	*kore_pidfile;
    714 
    715 extern volatile sig_atomic_t	sig_recv;
    716 
    717 extern char	*kore_rand_file;
    718 extern int	kore_keymgr_active;
    719 
    720 extern struct kore_privsep	worker_privsep;
    721 extern struct kore_privsep	keymgr_privsep;
    722 extern struct kore_privsep	acme_privsep;
    723 
    724 extern u_int8_t			nlisteners;
    725 extern u_int16_t		cpu_count;
    726 extern u_int8_t			worker_count;
    727 extern const char		*kore_version;
    728 extern const char		*kore_build_date;
    729 extern int			worker_policy;
    730 extern u_int8_t			worker_set_affinity;
    731 extern u_int32_t		worker_rlimit_nofiles;
    732 extern u_int32_t		worker_max_connections;
    733 extern u_int32_t		worker_active_connections;
    734 extern u_int32_t		worker_accept_threshold;
    735 extern u_int64_t		kore_websocket_maxframe;
    736 extern u_int64_t		kore_websocket_timeout;
    737 extern u_int32_t		kore_socket_backlog;
    738 
    739 extern struct kore_worker	*worker;
    740 extern struct kore_pool		nb_pool;
    741 extern struct kore_domain	*primary_dom;
    742 extern struct kore_server_list	kore_servers;
    743 
    744 /* kore.c */
    745 void		kore_signal(int);
    746 void		kore_shutdown(void);
    747 void		kore_signal_trap(int);
    748 void		kore_signal_setup(void);
    749 void		kore_proctitle(const char *);
    750 void		kore_default_getopt(int, char **);
    751 
    752 void		kore_server_closeall(void);
    753 void		kore_server_cleanup(void);
    754 void		kore_server_free(struct kore_server *);
    755 void		kore_server_finalize(struct kore_server *);
    756 void		kore_hooks_set(const char *, const char *, const char *);
    757 
    758 struct kore_server	*kore_server_create(const char *);
    759 struct kore_server	*kore_server_lookup(const char *);
    760 
    761 void		kore_listener_accept(void *, int);
    762 struct listener	*kore_listener_lookup(const char *);
    763 void		kore_listener_free(struct listener *);
    764 struct listener	*kore_listener_create(struct kore_server *);
    765 int		kore_listener_init(struct listener *, int, const char *);
    766 
    767 int		kore_sockopt(int, int, int);
    768 int		kore_server_bind_unix(struct kore_server *,
    769 		    const char *, const char *);
    770 int		kore_server_bind(struct kore_server *,
    771 		    const char *, const char *, const char *);
    772 /* worker.c */
    773 void		kore_worker_reap(void);
    774 int		kore_worker_init(void);
    775 void		kore_worker_privsep(void);
    776 void		kore_worker_started(void);
    777 void		kore_worker_make_busy(void);
    778 void		kore_worker_shutdown(void);
    779 void		kore_worker_dispatch_signal(int);
    780 int		kore_worker_spawn(u_int16_t, u_int16_t, u_int16_t);
    781 int		kore_worker_keymgr_response_verify(struct kore_msg *,
    782 		    const void *, struct kore_domain **);
    783 
    784 void	kore_worker_entry(struct kore_worker *) __attribute__((noreturn));
    785 
    786 struct kore_worker	*kore_worker_data(u_int8_t);
    787 struct kore_worker	*kore_worker_data_byid(u_int16_t);
    788 
    789 /* platform code (linux.c, bsd.c) */
    790 void		kore_platform_init(void);
    791 void		kore_platform_sandbox(void);
    792 void		kore_platform_event_init(void);
    793 void		kore_platform_event_cleanup(void);
    794 void		kore_platform_disable_read(int);
    795 void		kore_platform_disable_write(int);
    796 void		kore_platform_enable_accept(void);
    797 void		kore_platform_disable_accept(void);
    798 void		kore_platform_event_wait(u_int64_t);
    799 void		kore_platform_event_all(int, void *);
    800 void		kore_platform_event_level_all(int, void *);
    801 void		kore_platform_event_level_read(int, void *);
    802 void		kore_platform_proctitle(const char *);
    803 void		kore_platform_schedule_read(int, void *);
    804 void		kore_platform_schedule_write(int, void *);
    805 void		kore_platform_event_schedule(int, int, int, void *);
    806 void		kore_platform_worker_setcpu(struct kore_worker *);
    807 u_int32_t	kore_platform_random_uint32(void);
    808 
    809 #if defined(KORE_USE_PLATFORM_SENDFILE)
    810 int		kore_platform_sendfile(struct connection *, struct netbuf *);
    811 #endif
    812 
    813 #if defined(KORE_USE_PLATFORM_PLEDGE)
    814 void		kore_platform_pledge(void);
    815 void		kore_platform_add_pledge(const char *);
    816 #endif
    817 
    818 /* tls variants. */
    819 #define KORE_X509_NAME_COMMON_NAME	1
    820 
    821 void		kore_tls_init(void);
    822 void		kore_tls_cleanup(void);
    823 void		kore_tls_dh_check(void);
    824 int		kore_tls_supported(void);
    825 void		kore_tls_version_set(int);
    826 void		kore_tls_keymgr_init(void);
    827 void		kore_tls_log_version(void);
    828 int		kore_tls_dh_load(const char *);
    829 void		kore_tls_seed(const void *, size_t);
    830 int		kore_tls_ciphersuite_set(const char *);
    831 int		kore_tls_read(struct connection *, size_t *);
    832 void		kore_tls_domain_cleanup(struct kore_domain *);
    833 int		kore_tls_connection_accept(struct connection *);
    834 void		kore_tls_connection_cleanup(struct connection *);
    835 int		kore_tls_write(struct connection *, size_t, size_t *);
    836 void		kore_tls_domain_crl(struct kore_domain *, const void *, size_t);
    837 void		kore_tls_domain_setup(struct kore_domain *,
    838 		    int, const void *, size_t);
    839 
    840 KORE_PRIVATE_KEY	*kore_tls_rsakey_load(const char *);
    841 KORE_PRIVATE_KEY	*kore_tls_rsakey_generate(const char *);
    842 
    843 int		kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);
    844 KORE_X509_NAMES	*kore_tls_x509_issuer_name(struct connection *);
    845 KORE_X509_NAMES	*kore_tls_x509_subject_name(struct connection *);
    846 int		kore_tls_x509name_foreach(KORE_X509_NAMES *, int, void *,
    847 		    int (*)(void *, int, int, const char *,
    848 		    const void *, size_t, int));
    849 /* accesslog.c */
    850 void		kore_accesslog_init(u_int16_t);
    851 void		kore_accesslog_worker_init(void);
    852 void		kore_accesslog_run(void *, u_int64_t);
    853 void		kore_accesslog_gather(void *, u_int64_t, int);
    854 
    855 #if !defined(KORE_NO_HTTP)
    856 /* auth.c */
    857 int		kore_auth_run(struct http_request *, struct kore_auth *);
    858 int		kore_auth_cookie(struct http_request *, struct kore_auth *);
    859 int		kore_auth_header(struct http_request *, struct kore_auth *);
    860 int		kore_auth_request(struct http_request *, struct kore_auth *);
    861 void		kore_auth_init(void);
    862 int		kore_auth_new(const char *);
    863 struct kore_auth	*kore_auth_lookup(const char *);
    864 #endif
    865 
    866 /* timer.c */
    867 void		kore_timer_init(void);
    868 void		kore_timer_run(u_int64_t);
    869 u_int64_t	kore_timer_next_run(u_int64_t);
    870 void		kore_timer_remove(struct kore_timer *);
    871 struct kore_timer	*kore_timer_add(void (*cb)(void *, u_int64_t),
    872 			    u_int64_t, void *, int);
    873 
    874 /* connection.c */
    875 void			kore_connection_init(void);
    876 void			kore_connection_cleanup(void);
    877 void			kore_connection_prune(int);
    878 struct connection	*kore_connection_new(void *);
    879 void			kore_connection_event(void *, int);
    880 int			kore_connection_nonblock(int, int);
    881 void			kore_connection_check_timeout(u_int64_t);
    882 int			kore_connection_handle(struct connection *);
    883 void			kore_connection_remove(struct connection *);
    884 void			kore_connection_disconnect(struct connection *);
    885 void			kore_connection_start_idletimer(struct connection *);
    886 void			kore_connection_stop_idletimer(struct connection *);
    887 void			kore_connection_check_idletimer(u_int64_t,
    888 			    struct connection *);
    889 int			kore_connection_accept(struct listener *,
    890 			    struct connection **);
    891 void			kore_connection_log(struct connection *,
    892 			    const char *, ...)
    893 			    __attribute__((format (printf, 2, 3)));
    894 const char		*kore_connection_ip(struct connection *);
    895 
    896 void		kore_log_init(void);
    897 void		kore_log_file(const char *);
    898 
    899 /* config.c */
    900 void		kore_parse_config(void);
    901 void		kore_parse_config_file(FILE *);
    902 int		kore_configure_setting(const char *, char *);
    903 
    904 /* mem.c */
    905 void		*kore_malloc(size_t);
    906 void		*kore_mmap_region(size_t);
    907 void		*kore_calloc(size_t, size_t);
    908 void		*kore_realloc(void *, size_t);
    909 void		kore_free(void *);
    910 void		kore_mem_init(void);
    911 void		kore_free_zero(void *);
    912 void		kore_mem_cleanup(void);
    913 void		kore_mem_untag(void *);
    914 void		*kore_mem_lookup(u_int32_t);
    915 void		kore_mem_zero(void *, size_t);
    916 void		kore_mem_tag(void *, u_int32_t);
    917 void		*kore_malloc_tagged(size_t, u_int32_t);
    918 
    919 /* pool.c */
    920 void		*kore_pool_get(struct kore_pool *);
    921 void		kore_pool_put(struct kore_pool *, void *);
    922 void		kore_pool_init(struct kore_pool *, const char *,
    923 		    size_t, size_t);
    924 void		kore_pool_cleanup(struct kore_pool *);
    925 
    926 /* utils.c */
    927 void		fatal(const char *, ...) __attribute__((noreturn))
    928 		    __attribute__((format (printf, 1, 2)));
    929 void		fatalx(const char *, ...) __attribute__((noreturn))
    930 		    __attribute__((format (printf, 1, 2)));
    931 
    932 u_int64_t	kore_time_ms(void);
    933 char		*kore_time_to_date(time_t);
    934 char		*kore_strdup(const char *);
    935 time_t		kore_date_to_time(const char *);
    936 void		kore_log(int, const char *, ...)
    937 		    __attribute__((format (printf, 2, 3)));
    938 u_int64_t	kore_strtonum64(const char *, int, int *);
    939 size_t		kore_strlcpy(char *, const char *, const size_t);
    940 void		kore_server_disconnect(struct connection *);
    941 int		kore_split_string(char *, const char *, char **, size_t);
    942 void		kore_strip_chars(const char *, const char, char **);
    943 int		kore_snprintf(char *, size_t, int *, const char *, ...)
    944 		    __attribute__((format (printf, 4, 5)));
    945 long long	kore_strtonum(const char *, int, long long, long long, int *);
    946 double		kore_strtodouble(const char *, long double, long double, int *);
    947 int		kore_base64_encode(const void *, size_t, char **);
    948 int		kore_base64_decode(const char *, u_int8_t **, size_t *);
    949 int		kore_base64url_encode(const void *, size_t, char **, int);
    950 int		kore_base64url_decode(const char *, u_int8_t **, size_t *, int);
    951 int		kore_x509_issuer_name(struct connection *, char **, int);
    952 int		kore_x509_subject_name(struct connection *, char **, int);
    953 
    954 void		*kore_mem_find(void *, size_t, const void *, size_t);
    955 char		*kore_text_trim(char *, size_t);
    956 char		*kore_read_line(FILE *, char *, size_t);
    957 
    958 #if !defined(KORE_NO_HTTP)
    959 /* websocket.c */
    960 void		kore_websocket_handshake(struct http_request *,
    961 		    const char *, const char *, const char *);
    962 int		kore_websocket_send_clean(struct netbuf *);
    963 void		kore_websocket_send(struct connection *,
    964 		    u_int8_t, const void *, size_t);
    965 void		kore_websocket_broadcast(struct connection *,
    966 		    u_int8_t, const void *, size_t, int);
    967 #endif
    968 
    969 /* msg.c */
    970 void		kore_msg_init(void);
    971 void		kore_msg_worker_init(void);
    972 void		kore_msg_parent_init(void);
    973 void		kore_msg_unregister(u_int8_t);
    974 void		kore_msg_parent_add(struct kore_worker *);
    975 void		kore_msg_parent_remove(struct kore_worker *);
    976 void		kore_msg_send(u_int16_t, u_int8_t, const void *, size_t);
    977 int		kore_msg_register(u_int8_t,
    978 		    void (*cb)(struct kore_msg *, const void *));
    979 
    980 #if !defined(KORE_NO_HTTP)
    981 /* filemap.c */
    982 void		kore_filemap_init(void);
    983 void		kore_filemap_resolve_paths(void);
    984 extern char	*kore_filemap_ext;
    985 extern char	*kore_filemap_index;
    986 
    987 struct kore_route	*kore_filemap_create(struct kore_domain *, const char *,
    988 			    const char *, const char *);
    989 #endif
    990 
    991 /* fileref.c */
    992 void			kore_fileref_init(void);
    993 struct kore_fileref	*kore_fileref_get(const char *, int);
    994 struct kore_fileref	*kore_fileref_create(struct kore_server *,
    995 			    const char *, int, off_t, struct timespec *);
    996 void			kore_fileref_release(struct kore_fileref *);
    997 
    998 /* domain.c */
    999 struct kore_domain	*kore_domain_new(const char *);
   1000 struct kore_domain	*kore_domain_byid(u_int16_t);
   1001 struct kore_domain	*kore_domain_lookup(struct kore_server *, const char *);
   1002 
   1003 void		kore_domain_init(void);
   1004 void		kore_domain_cleanup(void);
   1005 void		kore_domain_free(struct kore_domain *);
   1006 void		kore_module_init(void);
   1007 void		kore_module_cleanup(void);
   1008 void		kore_module_reload(int);
   1009 void		kore_module_onload(void);
   1010 int		kore_module_loaded(void);
   1011 void		kore_domain_closelogs(void);
   1012 void		*kore_module_getsym(const char *, struct kore_runtime **);
   1013 void		kore_domain_load_crl(void);
   1014 void		kore_domain_keymgr_init(void);
   1015 void		kore_domain_callback(void (*cb)(struct kore_domain *));
   1016 int		kore_domain_attach(struct kore_domain *, struct kore_server *);
   1017 
   1018 #if !defined(KORE_NO_HTTP)
   1019 /* route.c */
   1020 void		kore_route_reload(void);
   1021 void		kore_route_free(struct kore_route *);
   1022 void		kore_route_callback(struct kore_route *, const char *);
   1023 
   1024 struct kore_route	*kore_route_create(struct kore_domain *,
   1025 			    const char *, int);
   1026 int			kore_route_lookup(struct http_request *,
   1027 			    struct kore_domain *, int, struct kore_route **);
   1028 #endif
   1029 
   1030 /* runtime.c */
   1031 const size_t			kore_runtime_count(void);
   1032 struct kore_runtime_call	*kore_runtime_getcall(const char *);
   1033 struct kore_module		*kore_module_load(const char *,
   1034 				    const char *, int);
   1035 
   1036 void	kore_runtime_execute(struct kore_runtime_call *);
   1037 int	kore_runtime_onload(struct kore_runtime_call *, int);
   1038 void	kore_runtime_signal(struct kore_runtime_call *, int);
   1039 void	kore_runtime_resolve(const char *, const struct stat *);
   1040 void	kore_runtime_configure(struct kore_runtime_call *, int, char **);
   1041 void	kore_runtime_connect(struct kore_runtime_call *, struct connection *);
   1042 #if !defined(KORE_NO_HTTP)
   1043 int	kore_runtime_http_request(struct kore_runtime_call *,
   1044 	    struct http_request *);
   1045 void	kore_runtime_http_request_free(struct kore_runtime_call *,
   1046 	    struct http_request *);
   1047 void	kore_runtime_http_body_chunk(struct kore_runtime_call *,
   1048 	    struct http_request *, const void *, size_t);
   1049 int	kore_runtime_validator(struct kore_runtime_call *,
   1050 	    struct http_request *, const void *);
   1051 void	kore_runtime_wsconnect(struct kore_runtime_call *, struct connection *);
   1052 void	kore_runtime_wsdisconnect(struct kore_runtime_call *,
   1053 	    struct connection *);
   1054 void	kore_runtime_wsmessage(struct kore_runtime_call *,
   1055 	    struct connection *, u_int8_t, const void *, size_t);
   1056 #endif
   1057 
   1058 #if !defined(KORE_NO_HTTP)
   1059 /* validator.c */
   1060 void		kore_validator_init(void);
   1061 void		kore_validator_reload(void);
   1062 int		kore_validator_add(const char *, u_int8_t, const char *);
   1063 int		kore_validator_run(struct http_request *, const char *, char *);
   1064 int		kore_validator_check(struct http_request *,
   1065 		    struct kore_validator *, const void *);
   1066 struct kore_validator	*kore_validator_lookup(const char *);
   1067 #endif
   1068 
   1069 const char	*kore_worker_name(int);
   1070 
   1071 /* net.c */
   1072 u_int16_t	net_read16(u_int8_t *);
   1073 u_int32_t	net_read32(u_int8_t *);
   1074 u_int64_t	net_read64(u_int8_t *);
   1075 void		net_write16(u_int8_t *, u_int16_t);
   1076 void		net_write32(u_int8_t *, u_int32_t);
   1077 void		net_write64(u_int8_t *, u_int64_t);
   1078 
   1079 void		net_init(void);
   1080 void		net_cleanup(void);
   1081 struct netbuf	*net_netbuf_get(void);
   1082 int		net_send(struct connection *);
   1083 int		net_send_flush(struct connection *);
   1084 int		net_recv_flush(struct connection *);
   1085 int		net_read(struct connection *, size_t *);
   1086 int		net_write(struct connection *, size_t, size_t *);
   1087 void		net_recv_reset(struct connection *, size_t,
   1088 		    int (*cb)(struct netbuf *));
   1089 void		net_remove_netbuf(struct connection *, struct netbuf *);
   1090 void		net_recv_queue(struct connection *, size_t, int,
   1091 		    int (*cb)(struct netbuf *));
   1092 void		net_recv_expand(struct connection *c, size_t,
   1093 		    int (*cb)(struct netbuf *));
   1094 void		net_send_queue(struct connection *, const void *, size_t);
   1095 void		net_send_stream(struct connection *, void *,
   1096 		    size_t, int (*cb)(struct netbuf *), struct netbuf **);
   1097 void		net_send_fileref(struct connection *, struct kore_fileref *);
   1098 
   1099 /* buf.c */
   1100 void		kore_buf_free(struct kore_buf *);
   1101 struct kore_buf	*kore_buf_alloc(size_t);
   1102 void		kore_buf_init(struct kore_buf *, size_t);
   1103 void		kore_buf_append(struct kore_buf *, const void *, size_t);
   1104 u_int8_t	*kore_buf_release(struct kore_buf *, size_t *);
   1105 void		kore_buf_reset(struct kore_buf *);
   1106 void		kore_buf_cleanup(struct kore_buf *);
   1107 
   1108 char	*kore_buf_stringify(struct kore_buf *, size_t *);
   1109 void	kore_buf_appendf(struct kore_buf *, const char *, ...)
   1110 		    __attribute__((format (printf, 2, 3)));
   1111 void	kore_buf_appendv(struct kore_buf *, const char *, va_list)
   1112 		    __attribute__((format (printf, 2, 0)));
   1113 void	kore_buf_replace_string(struct kore_buf *,
   1114 	    const char *, const void *, size_t);
   1115 
   1116 /* json.c */
   1117 int	kore_json_errno(void);
   1118 int	kore_json_parse(struct kore_json *);
   1119 void	kore_json_cleanup(struct kore_json *);
   1120 void	kore_json_item_free(struct kore_json_item *);
   1121 void	kore_json_init(struct kore_json *, const void *, size_t);
   1122 void	kore_json_item_tobuf(struct kore_json_item *, struct kore_buf *);
   1123 void	kore_json_item_attach(struct kore_json_item *, struct kore_json_item *);
   1124 
   1125 const char		*kore_json_strerror(void);
   1126 struct kore_json_item	*kore_json_find(struct kore_json_item *,
   1127 			    const char *, u_int32_t);
   1128 struct kore_json_item	*kore_json_create_item(struct kore_json_item *,
   1129 			    const char *, u_int32_t, ...);
   1130 
   1131 /* keymgr.c */
   1132 void	kore_keymgr_run(void);
   1133 void	kore_keymgr_cleanup(int);
   1134 
   1135 #if defined(__cplusplus)
   1136 }
   1137 #endif
   1138 
   1139 #endif /* !__H_KORE_H */